The sbomify Blog

Content for software, product, and digital security experts

Software Composition Analysis (SCA): What It Is and How SBOMs Fit In

Software Composition Analysis (SCA) is a category of application security tooling that identifies open source and third-party components in a codebase, catalogs their licenses, and detects known vulnerabilities...

Cowboy Neil, Jan 11, 2026

FDA Medical Device SBOM Requirements: What the New Cybersecurity Guidance Means for Manufacturers

On June 27, 2025, the FDA issued updated guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” This document marks a significant step...

Viktor Petersson, Jan 9, 2026

Apache License 2.0: What It Is, How It Works, and What It Means for Your Software

The Apache License 2.0 is a permissive open source license published by the Apache Software Foundation (ASF) that allows users to freely use, modify, distribute, and sublicense software...

Cowboy Neil, Jan 7, 2026

CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers

The EU Cyber Resilience Act (CRA) is transforming how device manufacturers approach cybersecurity. To break down what this means in practice, Viktor sat down with Sarah Fluchs on...

Viktor Petersson, Jan 6, 2026

Container Security: Best Practices for Securing Docker and Kubernetes

Container security is the practice of protecting containerized applications and their infrastructure throughout the entire lifecycle — from building container images through deployment and runtime operations. Containers package...

Cowboy Neil, Jan 3, 2026

What Is a KEV? Understanding CISA's Known Exploited Vulnerabilities Catalog

A KEV (Known Exploited Vulnerability) is a vulnerability that has been confirmed as actively exploited in the wild. The CISA Known Exploited Vulnerabilities Catalog, maintained by the Cybersecurity...

Cowboy Neil, Dec 30, 2025

Software Supply Chain Management: Risks, Best Practices, and SBOM Integration

Software supply chain management is the practice of identifying, assessing, and mitigating risks across the entire chain of components, tools, and processes used to develop and deliver software....

Cowboy Neil, Dec 26, 2025

The GPL License: A Comprehensive Guide to the GNU General Public License

The GPL (GNU General Public License) is a free software license that guarantees end users the freedom to run, study, modify, and share software. Created by Richard Stallman...

Cowboy Neil, Dec 22, 2025

Major Updates: sbomify v0.21 and Action Module v0.8 & v0.9

Viktor Petersson, Dec 19, 2025

CVE Vulnerabilities Explained: What They Are and Why They Matter

A CVE (Common Vulnerabilities and Exposures) is a standardized identifier assigned to a publicly known cybersecurity vulnerability. Each CVE entry provides a unique ID, a description, and references...

Cowboy Neil, Dec 18, 2025

Software Development Life Cycle (SDLC): A Complete Guide

The Software Development Life Cycle (SDLC) is a structured process that defines the stages involved in developing software from initial concept through deployment and maintenance. SDLC provides a...

Cowboy Neil, Dec 15, 2025

Announcing sbomify v0.20: Custom Domains & Streamlined Onboarding

Viktor Petersson, Dec 12, 2025

Page 2 of 7